KeePass SSH Key management with PuTTY Pageant and MobaXterm


This tutorial establishes the following workflow:
SSH keys are stored in KeePassXC. After the password-protected KeePass database is opened, the SSH keys are automatically transferred to PuTTY Pageant, and MobaXterm uses the SSH key from Pageant to authenticate via SSH.

Prerequisite

PuTTY Pageant

Install PuTTY and add PuTTY Pageant to the Windows Startup folder:

  • Create a shortcut to C:\Program Files\PuTTY\pageant.exe
  • Press Win + R to open the Run dialog
  • Enter shell:startup to open the Startup folder
  • Copy the Pageant shortcut into the Startup folder

OpenSSH Client

Open the Optional Features dialog and install OpenSSH Client. Depending on the weather, it may be necessary to reboot the system.

Alternatively, manually add the following directory to the Path environment variable:
C:\Windows\System32\OpenSSH

Open the terminal and check if the OpenSSH Client is installed: ssh

Troubleshooting: If ssh.exe is still not found, check whether the directory C:\Windows\System32\OpenSSH exists. If it does not, uninstall OpenSSH Client, reboot and reinstall OpenSSH Client.
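
Both prerequisites above can also be set up and checked from PowerShell. The script below is an added example and not part of the original tutorial; it assumes the default PuTTY install path used above, and the shortcut name Pageant.lnk is an arbitrary choice.

```powershell
# Added example: set up and verify the prerequisites from this tutorial.
# Assumption: PuTTY is installed in the default path used above.
$pageant = 'C:\Program Files\PuTTY\pageant.exe'
$sshDir  = 'C:\Windows\System32\OpenSSH'

if (-not (Test-Path -LiteralPath $pageant)) {
    throw "pageant.exe not found at $pageant (install PuTTY first)"
}

# Per-user Startup folder, the same folder that shell:startup opens.
$startup  = [Environment]::GetFolderPath('Startup')
$linkPath = Join-Path $startup 'Pageant.lnk'   # arbitrary shortcut name

if (Test-Path -LiteralPath $linkPath) {
    Write-Host "Shortcut already exists: $linkPath"
} else {
    $shell = New-Object -ComObject WScript.Shell
    $link  = $shell.CreateShortcut($linkPath)
    $link.TargetPath       = $pageant
    $link.WorkingDirectory = Split-Path -Parent $pageant
    $link.Save()
    Write-Host "Created $linkPath"
}

# The OpenSSH client binary must exist in the expected directory ...
$sshExe = Join-Path $sshDir 'ssh.exe'
if (-not (Test-Path -LiteralPath $sshExe)) {
    Write-Warning "$sshExe is missing: uninstall OpenSSH Client, reboot, reinstall."
}

# ... and that directory must be on PATH for 'ssh' to resolve.
$onPath = ($env:Path -split ';') |
    Where-Object { $_ -and ($_.TrimEnd('\') -ieq $sshDir) }
if (-not $onPath) {
    Write-Warning "$sshDir is not in PATH for this session."
}

# Show which ssh.exe actually wins on PATH. Other tools can ship their own
# copy, so confirm the Windows one is the binary being used.
$cmd = Get-Command ssh.exe -ErrorAction SilentlyContinue
if ($cmd) {
    Write-Host "ssh resolves to: $($cmd.Source)"
    & $cmd.Source -V
} else {
    Write-Warning 'ssh.exe cannot be resolved from PATH.'
}
```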

Create SSH Key

Create a 4096-bit RSA key:
ssh-keygen -t rsa -b 4096
Optionally, define the path and name of the key:
ssh-keygen -t rsa -b 4096 -f C:\SSH\jklug.work

KeePassXC

Add SSH Key

Download and install KeePassXC: https://keepassxc.org/download/

Create a new Database and add a new entry for the SSH key:

Optional: If you defined a password for the SSH key, add the password to the KeePass entry:

Open the Advanced section and add the private SSH key as an attachment:

Open the SSH Agent section and select the private SSH Key from the attachment menu.

Make sure the following options are enabled:

  • Add key to agent when database is opened
  • Remove key from the agent when database is closed

Optional: If the Add key to agent when database is opened option is not enabled, you can manually add the SSH key to PuTTY Pageant:

Settings: Open the Tools / Settings panel and make sure Enable SSH Agent integration is enabled.

Allow Screencapture

By default, the KeePassXC window is invisible in remote sessions such as MS Teams screen sharing, AnyDesk and TeamViewer. If you need to administer KeePass in a remote session, you can temporarily allow screen capture:

Open a terminal session:
cd 'C:\Program Files\KeePassXC'          # Open the KeePassXC.exe directory
.\KeePassXC.exe --allow-screencapture    # Run KeePassXC

MobaXterm

Settings: Open the Settings / Configuration / SSH panel and make sure Use external Pageant is enabled.